Re: MSN Webcam / Chat Spoof

[Steve Poirot <poirotsj () gci net>]

 I don't know about IE, but with Netscape you can import the CRLs and 
arrange for automatic updates with the maximum frequency being once per day.

John.Airey () rnib org uk wrote:

> Because Thawte don't have the hardware capabilities to do this. I'd 
> asked them this before and they told me it would be too difficult to 
> set this up. Even if they did, imagine how much network traffic would 
> be required for verifying every certificate worldwide?
>  
> PKI as it is set up at the moment is as useful as the British MOT 
> test. All it says is that on a given day your identity (or car) was 
> satisfactorily inspected. The other 364 (or 365) days anything could 
> happen.
>  
>
> -
> John Airey, BSc (Jt Hons), CNA, RHCE
> Internet systems support officer, ITCSD, Royal National Institute of 
> the Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk
>
> Appeasement is the policy of being nice to a crocodile in the hope 
> that he will eat you last. (Winston Churchill)
>
>     -----Original Message-----
>     From: Richard M. Smith [mailto:rms () computerbytesman com]
>     Sent: 12 May 2003 18:09
>     To: full-disclosure () lists netsys com
>     Subject: RE: [Full-disclosure] MSN Webcam / Chat Spoof
>
>     The other problem with Authenticode is that certifcates aren't
>     revokable.  Why doesn't IE go back to Thawte to see if the
>     "Browser Plugin" certificate is still valid?
>      
>     Richard
>
>         -----Original Message-----
>         From: full-disclosure-admin () lists netsys com
>         [mailto:full-disclosure-admin () lists netsys com] On Behalf Of
>         Daniel Docekal
>         Sent: Monday, May 12, 2003 11:38 AM
>         To: 'Richard M. Smith'; full-disclosure () lists netsys com
>         Subject: RE: [Full-disclosure] MSN Webcam / Chat Spoof
>
>         Sure Richard it is actually loader of dialer program itself -
>         it even updates itself any time it wants and it does anything
>         it wants. And there thousands of people who had this bad luck
>         to "use" that kind of software without properly realising what
>         they are doing.
>          
>         Concerning that certifitace - stop trusting things which
>         cannot be trusted. Would be any COmpany/Street text something
>         you can trust? Would it change any time that company relocates?
>          
>         It's problem of Microsoft who made this "authenticode"
>         verification so misguided and people that they even trust to
>         that. Actually one should not trust to anything that is not
>         personally known to him...
>
>             -----Original Message-----
>             From: full-disclosure-admin () lists netsys com
>             [mailto:full-disclosure-admin () lists netsys com] On Behalf
>             Of Richard M. Smith
>             Sent: Monday, May 12, 2003 4:10 PM
>             To: full-disclosure () lists netsys com
>             Subject: RE: [Full-disclosure] MSN Webcam / Chat Spoof
>
>             The downloaded ActiveX file can be found at this URL:
>             http://80.96.118.2/ac/mw/MSN_QTPieJess1.exe
>              
>             I ran a strings on the file and the control is called: 
>             TIBS Loader module and the ProgID is LoaderCon.LoaderCon. 
>             I can't find anything on the Web about this particular
>             ActiveX control, but it wouldn't surprise me that it is
>             part of some sort adult dialer scheme.  The control
>             appears to be more of a downloader program and not the
>             adult dialer itself.
>              
>             My question:  Why can't an Authenticode certificate
>             present the following information to a user:
>              
>                - Company name
>                - Street address
>                - Phone number
>                - Web site URL
>                - Contact Email address
>                - Company logo
>                - Link to a product description page
>              
>             All this information can be verified when a company
>             applies for a Authenticode signing tool.  The current
>             scheme is just plain silly as this MSN scam illustrates. 
>             There is simply no way to verify where a piece of software
>             is really coming from.
>              
>             Richard 
>              
>
>                 -----Original Message-----
>                 From: full-disclosure-admin () lists netsys com
>                 [mailto:full-disclosure-admin () lists netsys com] On
>                 Behalf Of Daniel Doèekal
>                 Sent: Monday, May 12, 2003 2:08 AM
>                 To: full-disclosure () lists netsys com
>                 Subject: RE: [Full-disclosure] MSN Webcam / Chat Spoof
>
>                 Browser Plugin is ADULT DIALER - it connects via modem
>                 to telephone service and you pay your sexy adventure
>                 through your telephone bill. In many cases, there are
>                 adult dialers committing fraud - they redirect your
>                 dial-up internet connection to very expensive number
>                 without your knowledge.
>
>                     -----Original Message-----
>                     From: full-disclosure-admin () lists netsys com
>                     [mailto:full-disclosure-admin () lists netsys com] On
>                     Behalf Of Richard M. Smith
>                     Sent: Monday, May 12, 2003 3:40 AM
>                     To: full-disclosure () lists netsys com;
>                     secure () microsoft com
>                     Subject: RE: [Full-disclosure] MSN Webcam / Chat Spoof
>
>                     You missed the good part.  If you actually go to
>                     the "MSN" Web site and press the "Connect Now"
>                     button, the site tries to download some
>                     questionable ActiveX control.  Not to worry however:
>                      
>                        Just press YES in the dialog box when it
>                     appears. This operation is totally safe and
>                     certified by Microsoft Authenticode(tm)
>                      
>                     The control is signed by "Browser Plugin".  I
>                     guess Thawte will give anyone an Authenticode
>                     certificate nowadays.  I wonder who "Browser
>                     Plugin" really is?
>                      
>                      
>
>
> -
>
>
> NOTICE: The information contained in this email and any attachments is
>
> confidential and may be legally privileged. If you are not the
>
> intended recipient you are hereby notified that you must not use,
>
> disclose, distribute, copy, print or rely on this email's content. If
>
> you are not the intended recipient, please notify the sender
>
> immediately and then delete the email and any attachments from your
>
> system.
>
>
> RNIB has made strenuous efforts to ensure that emails and any
>
> attachments generated by its staff are free from viruses. However, it
>
> cannot accept any responsibility for any viruses which are
>
> transmitted. We therefore recommend you scan all attachments.
>
>
> Please note that the statements and views expressed in this email
>
> and any attachments are those of the author and do not necessarily
>
> represent those of RNIB.
>
>
> RNIB Registered Charity Number: 226227
>
>
> Website: http://www.rnib.org.uk